Known Vulnerabilities for products from Tianocore

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Tianocore".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-38578 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-03 | 2023-08-02 |
| CVE-2021-38577 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | Not Provided | 2022-03-03 | 2023-11-07 |
| CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanent... | 7.5 - HIGH | 2022-01-03 | 2022-01-13 |
| CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 8.1 - HIGH | 2021-12-01 | 2023-11-07 |
| CVE-2021-28216 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Suppor... | 7.8 - HIGH | 2021-08-05 | 2021-08-16 |
| CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 7.5 - HIGH | 2021-06-11 | 2022-07-12 |
| CVE-2021-28211 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 6.7 - MEDIUM | 2021-06-11 | 2021-06-22 |
| CVE-2021-28210 | An unlimited recursion in DxeCore in EDK II. | 7.8 - HIGH | 2021-06-11 | 2021-06-24 |
| CVE-2019-14587 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 - MEDIUM | 2020-11-23 | 2022-01-01 |
| CVE-2019-14586 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, informa... | 8 - HIGH | 2020-11-23 | 2022-01-01 |
| CVE-2019-14584 | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via ... | 7.8 - HIGH | 2021-06-03 | 2021-06-11 |
| CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of p... | 7.8 - HIGH | 2020-11-23 | 2022-01-01 |
| CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 - HIGH | 2020-11-23 | 2022-01-01 |
| CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of serv... | 5.5 - MEDIUM | 2020-11-23 | 2022-01-01 |
| CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via net... | 7.5 - HIGH | 2020-11-23 | 2022-01-01 |
| CVE-2019-14553 | Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access... | 4.9 - MEDIUM | 2020-11-23 | 2020-11-25 |
| CVE-2019-11098 | Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of ... | 6.8 - MEDIUM | 2021-07-14 | 2021-07-20 |
| CVE-2019-0161 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | 5.5 - MEDIUM | 2019-03-27 | 2023-11-07 |
| CVE-2019-0160 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege an... | 9.8 - CRITICAL | 2019-03-27 | 2023-11-07 |
| CVE-2018-12183 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, informa... | 6.8 - MEDIUM | 2019-03-27 | 2023-11-07 |

Known software with vulnerabilities from Tianocore

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tianocore | Edk2 | - |